The scan server (SaaS or on-premise) avoids consuming resources on the developer's workstation. It integrates YAG Scanner as well as a set of other preconfigured open source SAST tools.
Your code review gets more efficient by filtering false positives with our embedded artificial intelligence.
Vulnerabilities detected by YAG Scanner are shown with a dynamic, educational diagnosis that helps you understand the causes of the warnings and build skills in application security.
The tool identifies the most effective fix locations as well as patch samples extracted from the rest of the application source code.
The YAG-Suite interfaces with your continuous integration tools to control your code security at any time.
* Currently available for Java and PHP
The YAG-Suite learns from your feedback on true/false positives as well as on the assessment of CVSS criticality. The analyses thus adapt themselves to the application context to provide you with a relevant action plan of the vulnerabilities to be fixed as a priority.
The information to be sought in the source code can be easily customized to fit unsupported technologies.
The various repository customization modes, as well as the graphic modeling wizards, allow you to refine analyses without requiring code analysis expertise.
You have access to comprehensive lists of sensitive information, encryption mechanisms, and all information you need to identify and qualify detected vulnerabilities.
Check the compliance of your applications' source code against the main security standards: OWASP Top 10, PCI-DSS, SANS Top 25.